Description:
Several vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions on the target system. JBoss Web Server is affected.

A remote user can send a specially crafted ClientHello message to trigger a segmentation fault in DTLSv1_listen() and cause the target service to crash [CVE-2015-0207]. Only version 1.0.2 is affected. DTLS systems are affected. Per Allansson reported this vulnerability.

A remote user can send an ASN.1 signature using the RSA PSS algorithm and specially crafted parameters to cause the target application to crash [CVE-2015-0208]. Only version 1.0.2 is affected. Brian Carpenter reported this vulnerability.

A user can invoke the d2i_ECPrivateKey() function with a specially crafted EC private key file to trigger a memory free error and cause denial of service conditions [CVE-2015-0209]. Applications that receive EC private keys from untrusted sources may be affected. The BoringSSL project reported this vulnerability.

In certain situations, a client may complete a handshake with using an unseeded PRNG [CVE-2015-0285]. As a result, information generated (such as keys) may be predictable. Only version 1.0.2 is affected. Matt Caswell of the OpenSSL development team reported this vulnerability.

A remote user can send a specially crafted ASN.1 boolean type to trigger a flaw in the ASN1_TYPE_cmp() function and cause the target application to crash [CVE-2015-0286]. Stephen Henson of the OpenSSL development team reported this vulnerability.

A remote user can send specially crafted ASN.1 data to trigger a memory corruption error in the target application [CVE-2015-0287]. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. OpenSSL clients and servers are not affected. Emilia Kasper reported this vulnerability.

A user can invoke the X509_to_X509_REQ() function with an invalid certificate key to trigger a null pointer dereference and cause the target application to crash [CVE-2015-0288]. Brian Carpenter reported this vulnerability.

A remote user can send specially crafted ASN.1-encoded PKCS#7 blobs with missing ContentInfo to trigger a null pointer dereference and cause the target application to crash [CVE-2015-0289]. OpenSSL clients and servers are not affected. Michal Zalewski of Google and Emilia Kasper of the OpenSSL development team reported this vulnerability.

A remote user may be able to trigger a flaw in the 'multiblock' code on 64-bit x86 systems that support AES NI instructions and cause the target system to potentially crash [CVE-2015-0290]. Only version 1.0.2 is affected. Daniel Danner and Rainer Mueller reported this vulnerability.

A remote user can renegotiate with an invalid signature algorithm extension to trigger a null pointer dereference and cause the target service to crash [CVE-2015-0291]. Only version 1.0.2 is affected. David Ramos (@ramosbugs) of Stanford University reported this vulnerability.

A remote user can send base64 encoded data to trigger a flaw in OpenSSL and cause the target application or service to crash [CVE-2015-0292]. Versions 0.9.8, 1.0.0, and 1.0.1 are affected. Robert Dugal and David Ramos separately reported this vulnerability.

[Editor's note: This vulnerability was previously fixed in source code commits d0666f289a (1.0.1), 84fe686173 (1.0.0) and 9febee0272 (0.9.8) but was not disclosed in a security advisory.]

A remote user can send a specially crafted SSLv2 CLIENT-MASTER-KEY message to cause the target server to crash [CVE-2015-0293]. Systems that both support SSLv2 and enable export cipher suites are affected. Sean Burford of Google and Emilia Kasper of the OpenSSL development team reported this vulnerability.

A remote user can select a DHE ciphersuite and send a zero length ClientKeyExchange message to cause the target service to crash [CVE-2015-1787]. Only version 1.0.2 is affected. Matt Caswell of the OpenSSL development team reported this vulnerability.

Impact:
A remote user can cause denial of service conditions on the target system.

A remote user may be able to more readily predict keys in certain cases.

Solution:
Red Hat has issued a fix for CVE-2015-0293 for JBoss Web Server.